The EORM Enterprise-wide Business Process Approach
A truly enterprise-wide approach to BCP involves much more than just developing
continuity plans. It is a systematic and measurable business process that
must be viewed as such. It must support the vision and values of the organization
it is designed to sustain.
The highlights of EORM’s BCP methodological approach are as follows:
 |
|
|
 |
 |
|
 |
|
|
 |
|
Effective BCP and Crisis Management process implementation or improvement is not a precise science. It is instead a combination of science and art, where emphasis on organizational time-critical business process support will ensure effective continuity in times of emergency or disaster.
Assess
Future State Visioning is an interactive facilitated process that includes developing an appropriate and measurable BCP business process for the client organization. This process is vital in the conceptual development of the organization BCP business process based upon leading practices that are customized to accommodate the needs and expectations of a particular client organization.
Business Impact Assessment (BIA) examines an organization's business processes to determine the impact of loss or interruption of a supporting service on the overall business. The goal of the BIA is to prioritize business processes and assign a recovery time objective (RTO) for their recovery and the recovery of their support resources. An important outcome of this activity is the mapping of time-critical processes to their support resources (i.e., IT applications and infrastructure, facilities, critical third parties, etc.)
BCP Process Current State Assessment analyzes an organization’s environment to gauge the health of the Continuity Planning Process. Figure 1 above illustrates how the BCP environment should be configured within an organization. This process also involves identifying and/or determining how the organization values the BCP process and measures its success (an often overlooked process and one that can lead to the failure of the BCP process).
Risk Management Review (RMR) assesses the potential risks and vulnerabilities and develops strategies and programs to mitigate or eliminate those risks. The RMR commonly looks at the security of Physical, Environmental, and Information capabilities of the organization. In general, the RMR should focus on the current status of basic mitigating control areas such as:
• Physical security,
• Environmental security,
• Single-points-of-failure,
• Problem and change management,
• Vital records protection,
• Business interruption and extra expense insurance,
• Executive protection, and
• Off-Site date storage, etc.
Leading Practices/Benchmarking Services is an optional component that draws from the performance of industry and/or peer benchmarking studies to identify leading practices. These practices can then be used to help establish the most appropriate Future State Vision for the organization’s BCP infrastructure.
Design/Develop
Continuity Strategy Development involves facilitating a workshop or series of workshops designed to determine and document the most appropriate recovery alternative to BCP challenges (i.e., determining if a hotsite is needed for IT continuity purposes, determining if additional communications circuits should be installed in a Networking environment, determining if additional workspace is needed in a business operations environment, etc.) using the information derived from the risk assessments above. From these facilitated workshop(s) EORM professionals work with client teams to create a business case documenting the data, proposed solutions.
Continuity and Crisis Management Team Identification and Development ensures that through the special attention is given to the identification and development of realistic continuity and crisis management team members in recognition of the vital importance that personnel reactions play in emergency situations. It is of vital importance to the enterprise that the most appropriate continuity and crisis management team representatives be prepared to react appropriately during a wide ranging number of potential emergency and disaster circumstances.
Continuity and Crisis Management Plan Development ensures that through the team and plan development cycle, all policies, guidelines and continuity measures are formally and appropriately documented (documentation overkill must be avoided). This documentation process helps organizations structure the BCP environment, recovery team structures, identify plan owners and project management teams, ensuring the successful development of the plan. EORM partners with clients to align the continuity plan to the overall IT continuity plan and Crisis Management Infrastructure (see Figure 1).
BCP Testing, Maintenance, Training, and Measurement focuses on the most appropriate design and development of BCP testing, maintenance, training and measurement strategies and guidelines.
Implement
Plan Testing/Drills with business unit leaders simulate potential disasters and test continuity plans for effectiveness. As a result of the testing, any necessary adjustments and modifications are incorporated into the plan.
BCP and Crisis Management Process Implementation emphasizes the
organized deployment of the continuity and crisis management planning strategies
that have been developed, including implementation of long-term testing,
maintenance, training, and measurement practices.
Continuity Plan and Process Review and Maintenance involves the constant
review and maintenance of the continuity and crisis management plans. In
addition, this phase can entail assisting the client in reviewing the ongoing
viability of the overall continuity and crisis management business processes
within the organization.
To discuss how we can help your company with its Continuity Planning, call us toll-free at 800.648.1506. Outside the United States, please dial 408.822.8100 or send us an e-mail.
